A Guide to the National Institute of Standards and Technology Risk Management Framework
The book provides the complete strategic understanding requisite to allow a person to create and use the RMF process recommendations for risk management. This will be the case both for applications of the RMF in corporate training situations, as well as for any individual who wants to obtain specialized knowledge in organizational risk management. It is an all-purpose roadmap of sorts aimed at the practical understanding and implementation of the risk management process as a standard entity. It will enable an "application" of the risk management process as well as the fundamental elements of control formulation within an applied context.
Table of Contents
Introduction to Organizational Security Risk Management. Survey of Existing Risk Management Models. Step 1 – Categorize Information and Information Systems. Step 2 – Select Security Controls. Step 3 – Implement Security Controls. Step 4 – Assess Security Controls. Step 5 – Authorize Information Systems. Step 6 – Monitor Security State. Practical Application to the Implementation of the NIST Risk Management Framework.
Anne Kohnke, Ken Sigler, Dan Shoemaker